In the grand scheme of things Adobe is delivering a run of the mill patch. What's annoying is the disclosure--or lack of it. This gets to the heart of what IBM's ISS unit was talking about this yesterday when it reported that vulnerability disclosures were down in 2007. A sign of progress? Not quite. It's is just that people are keeping mum about vulnerabilities.

Update: Adobe has issued a statement. Here's the full text:

On Feb. 6, Adobe made available an update to Acrobat and Adobe Reader 8.x. It updates the Windows and Mac versions of Acrobat to 8.1.2, and the Windows, Mac, Linux, and Solaris versions of Adobe Reader to 8.1.2.

In addition to addressing bug fixes and providing support for Mac OS X Leopard (up through version 10.5.1), the update includes several important security fixes, among them a few of critical severity that could be remotely exploitable.

Adobe plans to share further information on the topic within a few days via the company’s Security Bulletins and Advisories page (http://www.adobe.com/support/security/), at which point the company has completed the process of responsible disclosure with third-party stakeholders.